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1 REMARKS 

2 These remarks follow the order of the paragraphs of the office action. Relevant portions of the 

3 office action are shown indented and italicized. 

4 DETAILED ACTION 

5 Information Disclosure Statement 

6 I The information disclosure statement (IDS) submitted on August 31, 2001 is in 

7 compliance with the provisions of 37 CFR 1:97. Accordingly, the information disclosure 

8 statement is being considered by the examiner. 

9 Specification 

1° 2. The disclosure is objected to because of the following informalities: On page 1, line 

11 !0> application 09/240,503 is cross referenced and the status of the application should be 

12 updated to indicate that the application is now abandoned 

1 3 Appropriate correction is required 

14 In response, applicants respectfully state that the application is updates so that the words now 

1 5 abandoned were inserted into the specification. This overcomes the objection of the disclosure, 

1 6 Claim Objections 

* ? 3. Claims Ware /ff are objected to because of the following informalities: On line 1 it is 

1 8 recited of "at least one table " that is a lack o/antecedent basis It is unclear from the 

1 9 claim if the "table " is a "lookup table " or a "randomized table " as is claimed in claim 

20 1. Appropriate correction is required 

21 In response, applicants respectfully state that the words at "at least one table" is intended to mean 

22 either a "lookup table" or a "randomized table", or both . Thus there is indeed proper antecedent 

23 basis for the common word table as in claims 1 0 are 1 8. 

24 Claim Rejections- USC § 102 

25 4 The following is a quotation of the appropriate paragraphs of 35 U.S. C 102 that form 

26 the basis for the rejections under this section made in this Office action: 

27 A person shall be entitled to patent unless - 
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1 (b) the invention was patented or described in a printed publication in this or a foreign 

2 county or in public use or on sale in this country, more than one year prior to the date of 

3 application for patent in the United States. 

. 4 J, Claims 1-4, 10-13, 15, 18, 29, 30,36-43, 52,53.55 and 56 are rejected under 35 U.&C. 

5 102(b) as being anticipated by Chart etal entitled "Towards Sound Approaches to 

6 Counteract Power-Analvsis Attacks. 

1 

8 In response, applicants respectfully state that as stated in the abstract, the present invention as in 

9 claims 1-4, 10-13, 15, 18, 29, 30,36-43, 52,53.55 and 56 is for, "[Methods, apparatus and 

1 0 computer software and hardware products providing method, apparatus and system solutions for 

1 1 implementing table lookups in a side-channel attack resistant manner. Embodiments are 

12 provided for devices and situations where there is limited amount of RAM memory available or 

13 restrictions on memory addressing. The solutions solve problems associated with lookup tables 

14 with large indices, as well as problems associated with looking up large sized tables or a 

15 collection of tables of large cumulative size, in limited devices, in an efficient side-channel attack 

16 resistant manner. These solutions provide defenses against both first-order side channel attacks as 

1 7 well as higher-order side channel attacks. One aspect of the present invention is the creation of 

1 8 one or more random tables which are used possibly in conjunction with other tables to perform a 

19 table lookup. This denies an adversary information about the table lookup from the side channel 

20 and thereby imparting side-channel resistance to the table lookup operation. Another aspect of 

2 1 the present invention is the use of a combination of some operations such as Table Split, Table 

22 Mask and Table Aggregate, to achieve this side-channel resistance within the limited amounts of 

23 available RAM and limited memory addressing capabilities of the device performing table 

24 lookups." Thus claims 1-4, 10-13, 15, 18, 29, 30,36-43, 52,53.55 and 56 provides solutions and 

25 defenses against both first-order side channel attacks as well as higher-order side channel attacks. 

26 Whereas the cited reference having three inventors common to the present application, Suresh 

27 Chari, Josyula R. Rao, and Pankaj Rohatgi provides, "[S]ide channel cryptanalysis techniques, 

28 such as the analysis of instantaneous power consumption, have been extremely effective in 

29 attacking implementations on simple hardware platforms. There are several proposed solutions to 

30 resist these attacks, most of which are ad-hoc and can easily be rendered ineffective. A scientific 
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1 approach is to create a model for the physical characteristics of the device, and then design 

2 implementations provably secure in that model, i.e., they resist generic attacks with an a priori 

3 bound on the number of experiments. We propose an abstract model which approximates power 

4 consumption in most devices and in particular small single-chip devices. Using this, we propose 

5 a generic technique to create provably resistant implementations for devices where the power 

6 model has reasonable properties, and a source of randomness exists. We prove a lower bound on 

7 the number of experiments required to mount statistical attacks on devices whose physical 

8 characteristics satisfy reasonable properties." This reference is thus not concerned with 

9 providing solutions and defenses against both first-order side channel attacks as well as 
10 higher-order side channel attacks. 

11 

1 2 As par c\aim 7, Chari et al discloses of a method comprising providing a data 

J 3 processing operation involving at least one lookup table, each particular table from said 

14 at least one lookup table having a particular lookup table size and a particular lookup 

1 5 table index size and creating at least one randomized table in which entries and/or 

1 6 indices are statistically independent from entries and/or indices of said at least one 

1 7 lookup table, each individual table from said at least one randomized table having a 

1 8 randomized table size, wherein a first sum of sizes of all said randomized tables is 

19 smaller than a second sum of sizes of all lookup tables, Or the maximum index size of said 

20 randomized tables is less than the maximum index size of the lookup tables (see page 404, 

21 section 3,3). 

22 In response, applicants respectfully state that in order to bring the application to allowance claim 

23 1 is amended to include the limitation of objected-to claim 5. Claim 5 is canceled. This makes 

24 claim 1 and all claims 2- 18, 29 ? 30, 39, 40 and 53, that ultimately depend on claim 1 to be 

25 allowable. 

26 As P er claim 2, it is taught by Chari et al of using one randomized table (see page 404, 

27 section 3,3). 

28 In response, applicants respectfully state that although applicants do not agree with the 

29 equivalencies made in the office action between claim 2 and the cited reference, they indicate 

30 that claim 2 is dependent on allowable claim 1 and is allowable. 
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1 As per claim 3, it is disclosed by Chari et al of obtaining data processing operations 

2 (see page 404, section 3.3). 

3 In response, applicants respectfully state that although applicants do not agree with the 

4 equivalencies made in the office action between claim 3 and the cited reference, they indicate 

5 that claim 3 is dependent on allowable claim 1 and is allowable. 

6 Afper claim jj Chari et al discloses of creating a randomized table includes applying 

7 a T able Split operation to at least one of said lookup tables resulting in split lookup 

8 tables (see page 404, section 3 J). 

9 In response, applicants respectfully state that although applicants do not agree with the 

10 equivalencies made in the office action between claim 4 and the cited reference, they indicate 

1 1 that claim 4 is dependent on allowable claim 1 and is allowable. 

12 4$ per claim 10, Chari et al teaches of the table is a table from a COMP128 

1 3 application (see abstract and page 404, section 3. 3 ). 

14 In response, applicants respectfully state that although applicants do not agree with the 

1 5 equivalencies made in the office action between claim 10 and the cited reference, they indicate 

16 that claim 10 is ultimately dependent on allowable claim 1 and is allowable. 

1 7 per claim / 7, it is disclosed by Chari et al of the number of elements in (be lookup 

1 8 table is given by a power of two (see page 404, section 3.3). 

1 9 In response, applicants respectfully state that although applicants do not agree with the 

20 equivalencies made in the office action between claim 1 1 and the cited reference, they indicate 

21 that claim 1 1 is ultimately dependent on allowable claim 1 and is allowable. 

22 A$ per claim l £ Chari et al teaches of employing said at least one randomized table in 

23 a cryptographic process, applying said at east one randomized table for securely 

24 handling information in said cryptographic process (see page 404, section 3. 3). 
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1 In response, applicants respectfully state that although applicants do not agree with the 

2 equivalencies made in the office action between claim 1 2 and the cited reference, they indicate 

3 that claim 12 is ultimately dependent on allowable claim 1 and is allowable. 

4 As per claim j3, Chart et al discloses of prior to performing said cryptographic 

5 process, transforming the information by applying a secret-sharing operation to the 

6 elements of the information where each element of the information is related to multiple 

7 elements of the transformed information! performing the cryptographic process on the 

8 transformed information involving the use of said randomized table, and re-transforming 

9 the transformed and cryptographically processed information by applying an inverse 

1 0 secret-sharing operation to the transformed and cryptographically processed information 

1 1 (see page 404, section 3. 3). 

12 In response, applicants respectfully state that although applicants do not agree with the 

1 3 equivalencies made in the office action between claim 1 3 and the cited reference, they indicate 

14 that claim 1 3 is ultimately dependent on allowable claim 1 and is allowable. 

1 5 As per claim Chari at al teaches of employing data processing operation as a 

1 6 countermeasure against a first order side channel attack (see page 405, section 3. 4). 

1 7 In response, applicants respectfully state that although applicants do not agree with the 

18 equivalencies made in the office action between claim 15 and the cited reference, they indicate 

19 that claim 1 5 is ultimately dependent on allowable claim 1 and is allowable. 

As claim 1 $, it is disclosed by Chari et al that a table is a table from an application 

21 of General Countermeasures Against Side-Channel Attacks (see page 405, section 3.4). 

22 In response, applicants respectfully state that although applicants do not agree with the 

23 equivalencies made in the office action between claim 1 8 and the cited reference, they indicate 

24 that claim 1 8 is ultimately dependent on allowable claim 1 and is allowable. 

25 4$ per claim 29, it is disclosed by Chari et al of that the number of elements in the 

26 lookup table is 200 (see page 404, section 3,3). 
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1 In response, applicants respectfully state that although applicants do not agree with the 

2 equivalencies made in the office action between claim 29 and the cited reference, they indicate 

3 that claim 29 is ultimately dependent on allowable claim 1 and is allowable, 

4 A$ per claim 3Q f Chart et al discloses of an article of manufacture comprising computer 

5 readable program code embodied thereon for causing resistance to side channel attacks 

6 that provides a data processing operation involving at least one lookup table, each 

7 particular table from said at least one lookup table having a particular lookup table size 

8 and a particular lookup table index size and creating at least one randomized table in 

9 which entries and/or indices are statistically independent from entries and/or indices of 

1 0 said at least one lookup table, each individual table from said at least one randomized 

1 1 to ble having a randomized table size, wherein a first sum of sizes of all said randomized 

12 tables is smaller than a second sum of sizes of all lookup tables, or the maximum index 

13 size of said randomized tables is less than the maximum index size of the lookup tables 

14 (see abstract; page 404 } section 3.3; page 405, section 3.4). 

1 5 In response, applicants respectfully state that although applicants do not agree with the 

1 6 equivalencies made in the office action between claim 30 and the cited reference, they indicate 

1 7 that claim 30 is ultimately dependent on allowable claim 1 and is allowable. 

1 8 Af per claim 3$, Chart et al teaches of a method comprising providing a data 

1 9 processing operation involving a first lookup table in a cryptographic process, said 

20 lookup table having a first lookup table size, creating a randomized table in which entries 

21 or indices are statistically independent of entries or indices of said first lookup table, said 

22 randomized table having a randomized table size being smaller than said first lookup 

23 table size, employing said randomized table for securely handling information in said 

24 cryptographic process prior to performing the cryptographic process, transforming the 

25 information by applying a secret-sharing operation to the elements of the information 

26 where each element of the information is related to multiple elements of the transformed 

27 information, performing the cryptographic process on the transformed information 

28 involving the use of said randomized table, and re-transforming ike transformed and 

29 cryptographically processed information by applying an inverse secret 

30 sharing operation to the transformed and cryptographically processed information (see 

3 1 page 404, section 3.3 and page 405, section 3.4). 

32 In response, applicants respectfully state that in order to bring the application to allowance claim 

33 36 is amended to include the limitation of objected-to claim 7, which includes the limitations of 

34 claim 4. This makes claim 36 and all claims 37, 36 and 52, that depend on claim 36 to be 

35 allowable. 
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1 As per claim 37. it is taught by Chari et al of using one randomized table (see page 

2 404 7 section 3.3). 

3 In response, applicants respectfully state that although applicants do not agree with the 

4 equivalencies made in the office action between claim 37 and the cited reference, they indicate 

5 thai claim 37 is ultimately dependent on allowable claim 36 and is allowable. 

6 4j per claim 38, ii is disclosed by Chari et al of the cryptographic process is performed 

7 in a cryptographic information processing system (see abstract). 

8 In response, applicants respectfully state that although applicants do not agree with the 

9 equivalencies made in the office action between claim 38 and the cited reference, they indicate 

10 that claim 38 is ultimately dependent on allowable claim 36 and is allowable. 

1 1 44 per claim 39, Chariot et al discloses a chip card comprising a module for providing 

12 a data processing operation involving at least one lookup table, each particular table 

1 3 from said at least one lookup table having a particular lookup table size and a particular 

14 lookup table index size and creating at least one randomized table in which entries 

1 5 and/or indices are statistically independent from entries and/or indices of said at least 

1 6 one lookup table, each individual table from said at least one randomized table having a 

1 7 randomized table size, wherein a first sum of sizes of all said randomized tables is 

1 8 smaller than a second sum of sizes of all lookup tables, or the maximum index size of said 

19 randomized tables is less than the maximum index size of the lookup tables (see section 1, 

20 page 398 and page 404, section 3.3), 

2 1 In response, applicants respectfully state that although applicants do not agree with the 

22 equivalencies made in the office action between claim 39 and the cited reference, they indicate 

23 that claim 39 is ultimately dependent on allowable claim 1 and is allowable. 

24 4s per claim 40, Chari at al teaches of a fixed lookup table (page 404, section 3.3). 

25 In response, applicants respectfully state that although applicants do not agree with the 

26 equivalencies made in the office action between claim 40 and the cited reference, they indicate 

27 that claim 40 is ultimately dependent on allowable claim 1 and is allowable, 
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As per claim 41, it is disclosed by Chart et al of an apparatus for a randomizer module 

2 to create at least one randomized table in which entries and/or indices are statistically 

3 independent of entries; and/or indices of any table from a provided set of lookup tables, 

4 each individual table from said at least one randomized table having a randomized table 

5 size, wherein: a first sum of sizes of all said randomized tables is smaller than a second 

6 sum of sizes of all said at least one lookup tables, or the maximum index size of said 

7 randomized tables is less than the maximum index size of the lookup tables and a 

8 processing module to perform said data processing operation employing said first 

9 randomized table (page 404, section 3. 3). 

1 0 In response, applicants respectfully state that although applicants do not agree with the 

1 1 equivalencies made in the office action between claim 4 1 and the cited reference, they indicate 

12 that claim 41 is amended to include the limitations of objected-to claim 7, which includes the 

1 3 limitations of claim 4. This makes claim 4 1 and all claims 42-48, that depend on claim 4 1 to be 

14 allowable. 

1 5 As per claim 42, Chad et al teaches that the randomized module forms the provided set 

1 6 of lookup tables (see page 404, section 3. 3). 

1 7 In response, applicants respectfully state that although applicants do not agree with the 

1 8 equivalencies made in 1he office action between claim 42 and the cited reference, they indicate 

19 that claim 42 is ultimately dependent on allowable claim 41 and is allowable. 

20 As per claim 43, it is taught by Chad et al that the randomizer module includes a 

21 splitting module to perform a table split operation upon the subset, of the set of lookup 

22 tables resulting in split lookup tables (see page 404, section 3.3). 

23 In response, applicants respectfully state that although applicants do not agree with the 

24 equivalencies made in the office action between claim 43 and the cited reference, they indicate 

25 that claim 43 is ultimately dependent on allowable claim 4 1 and is allowable. 

?J As per claim 52, Chart et al discloses of an article of manufacture comprising Computer 

27 readable program code embodied thereon for causing resistance to side channel attacks 

28 that provides a data processing operation involving a first lookup table in a 

29 cryptographic process, said lookup table having a first lookup table size, creating a 

30 randomized table in which entries or indices are statistically independent of entries or 

3 1 indices of said first lookup table, said randomized table having a randomized table size 
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1 being smaller than said first lookup table size, employing said randomized table for 

2 securely handling information in said cryptographic process prior to performing the 

3 cryptographic process, transforming the information by applying a secret-sharing 

4 operation to the elements of the information where each element of the information is 

5 related to multiple elements of the transformed information, performing the 

6 cryptographic process on the transformed information involving the use of said 

7 randomized table, and re-transforming the transformed and cryptographically processed 

8 information by applying an inverse secret-sharing operation to the transformed and 

9 cryptographically processed information (see abstract; page 404, section 3. 3 and vase 

10 405, section 3.4). 

1 1 In response applicants respectfully state that although applicants do not agree with the 

12 equivalencies made in the office action between claim 52 and the cited reference, they indicate 

13 that claim 52 is ultimately dependent on allowable claim 36 and is allowable. 

14 ds per claim 53, Chari et al discloses of a program storage device readable by a 

15 machine, tangibly embodying a program of instructions executable by a machine for 

1 6 causing resistance to side channel attacks that provides a data processing operation 

1 7 involving at least one lookup table, each particular table from said at least one loohtp 

18 table having a particular lookup table size and a particular lookup table index size and 

1 9 creating at least one randomized table in which entries and/or indices are statistically 

20 independent from entries and/or indices of said at least one lookup table, each individual 

2 1 table from said at least one randomized table having a randomized table size, wherein a 

22 first sum of sizes of all said randomized tables is smaller than a second sum of sizes of all 

23 lookup tables, or the maximum index size of said randomized tables is less than the 

24 maximum index size of the lookup tables (see abstract; page 404, section 3.3; page 405, 

25 section 3.4). 

26 In response, applicants respectfully state that although applicants do not agree with the 

27 equivalencies made in the office action between claim 52 and the cited reference, they indicate 

28 that claim 52 is ultimately dependent on allowable claim 1 and is allowable. 

29 As per claim 55, Chari et al teaches of a program storage device readable by a 

30 machine, tangibly embodying a program of instructions executable by a machine for 

3 1 causing resistance to side channel attacks that provides a data processing operation 

32 involving a first lookup table in a cryptographic process, said loolzup table having a first 

33 lookup table size, creating a randomized table in which entries or indices are statistically 

34 independent of entries or indices of said first lookup table, said randomized table having 

35 a randomized table size being smaller than said first lookup table size, employing said 

36 randomized table for securely handling information in said cryptographic process prior 

37 to performing the cryptographic process, transforming the information by applying a 
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secret-sharing operation to the elements of the information where each element of the 
1 information is related to multiple elements of the transformed information, performing 

7 the cryptographic process on the transformed information involving the use of said 

randomized table, and re-transforming the transformed and cryptographically processed 
information by applying an inverse secret-sharing operation to the transformed and 

6 cryptographically processed information (see abstract; page 404. section 3 3- and vase 

7 405, section 3.4). y ^ 



8 In response, applicants respectfully state that although applicants do not agree with the 

9 equivalencies made in the office actiorj between claim 55 and the cited reference, they indicate 

10 that claim 55 is ultimately dependent ojn allowable claim 36 and is allowable. 

1 1 As per claim 5f). it is disclosed by Chari et al of a computer program product 

1 2 comprising a computer useable, medium having computer readable program code 

1 3 embodied thereon for causing Resistance to side channel attacks that provides a 

1 4 randomizer module to create ai least one randomized table in which entries and/or 

1 5 indices are statistically indepen)dent of entries; and/or indices of any table from a 

1 6 provided set of lookup tables, ehch individual table from said at least one randomized 

1 7 table having a randomized tabl\ size, wherein: a first sum of sizes of all said randomized 

1 8 tables is smaller than a second $um of sizes of all said at least one lookup tables, or the 

1 9 maximum index size of said randomized tables is less than the maximum index size of the 

20 lookup tables; and a processing module to perform said data processing operation 

2 1 employing said first randomized table (see abstract; page 404, section 3. 3; and page 405, 

22 section 3.4). 



23 In response, applicants respectfully state that although applicants do not agree with the 

24 equivalencies made in the office action between claim 56 and the cited reference, they indicate 

25 that claim 56 is ultimately dependent on allowable claim 41 and is allowable. 

26 Allowable Subject Matter 

2J &j:iaims5-?, 14, /fl and 44-48 are objected to as being dependent upon a rejected 

28 base claim, but would be allowable if rewritten in independent form including all of the 

2 9 limitations of the base claim and any intervening claims. 

30 In response, applicants respectfully state that objected-to claim 5 is incorporated into claim 1 , and 

3 1 claim 5 is canceled. All objected-to claims 6-9, 14, 1 6, 1 7, and 44-48 are not dependent on 
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1 allowable claims and are also allowable. This overcomes the objection of objected-to claims 6-9, 

2 14, 16, 17, and 44^18. 



4 In response, applicants respectfully state that appreciation for the allowance of claims 19-28, 

5 31-35, 49-51, 54, and 57. 

6 It is anticipated that this amendment brings the application to allowance of all claims 1 -4, and 

7 6-57. Favorable action is respectfully solicited If any rejections or objections remain, please 

8 call the undersigned before issuing a FINAL action. 

9 Please charge any fee other than the fee to revive, necessary to enter this pmer to deposit account 

10 50-0510. A credit card payment of the fee to revive, for $1500.00, is included on form 

11 PTO2038. 



3 



7. Claims 19-28. 31-35. 49- 51. 54. and 57 are allowed. 



12 



Respectfully submitted, 



13 
14 
15 
16 
17 



By: 




Dr. Louis P. Herzberg 
Reg. No. 41,500 
Voice Tel. (845) 352-3194 
Fax. (845) 352-3194 



18 3 Cloverdale Lane 

19 Monsey, NY 10952 



20 Customer Number: 54856 
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